Apache HTTP Error Config
Apache HTTP Error Config
Connectors
SmartConnector for Apache HTTP
Server Error File
Configuration Guide
June, 2018
Configuration Guide
June, 2018
Copyright © 2003 – 2017; 2018 Micro Focus and its affiliates and licensors.
Warranty
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro
Focus”) are set forth in the express warranty statements accompanying such products and services.
Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be
liable for technical or editorial errors or omissions contained herein. The information contained herein
is subject to change without notice.
Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro
Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial
Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are
licensed to the U.S. Government under vendor's standard commercial license.
Trademark Notices
Adobe™ is a trademark of Adobe Systems Incorporated. Microsoft® and Windows® are U.S. registered
trademarks of Microsoft Corporation. UNIX® is a registered trademark of The Open Group.
Revision History
Date Description
10/17/2017 Added encryption parameters to Global Parameters.
11/30/2016 Updated installation procedure for setting preferred IP address mode.
08/14/2015 Updated versions supported.
06/30/2012 Added support for version 2.4. Added and updated mappings.
05/15/2012 Added new installation procedure.
09/30/2011 Updated Log File Name parameter description.
02/11/2010 Added support for FIPS Suite B and CEF File transport.
06/30/2009 Global update to installation procedure for FIPS support.
11/12/2008 Updated configuration guide name.
09/25/2008 Added image of installation parameter screen.
03/01/2008 Update to installation procedure.
09/20/2007 General content update; correction to error log path.
Configuration Guide
This guide provides information for installing the SmartConnector for Apache HTTP Server Error
File and configuring the device for event collection. This SmartConnector is supported on AIX,
Linux, and Solaris platforms. Apache HTTP Server versions 1.3 and 2.4 are supported.
Product Overview
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP
server for modern operating systems including UNIX and Windows NT. Apache is a secure,
efficient, and extensible server that provides HTTP services in sync with the current HTTP
standards.
The Apache HTTP server error log (whose name and location is set by the ErrorLog directive), is
the most important log file. This is where the Apache server sends diagnostic information and
records any errors it encounters when processing requests. It is the first place to look when a
problem occurs with starting the server or with the operation of the server, because it will often
contain details of what went wrong and how to fix it. (See the Apache HTTP Server
documentation for more information.)
1 Make sure that you are using Apache's default log formats.
The SmartConnector for Apache HTTP Server Error Log uses only four Apache default log
formats. The default formats must appear in Apache's configuration file,
/etc/apache/httpd.conf, as the following:
where <log file> is one of the following: full, debug, combined, or common.
For complete product information, read the Administrator's Guide as well as the Installation and
Configuration guide for your ArcSight product before installing a new SmartConnector. If you are
adding a connector to the ArcSight Management Center, see the ArcSight Management Center
Administrator's Guide for instructions, and start the installation procedure at "Set Global
Parameters (optional)" or "Select Connector and Add Parameter Information."
Administrator passwords
1 Download the SmartConnector executable for your operating system from the Micro Focus
SSO site.
2 Start the SmartConnector installation and configuration wizard by running the executable.
Follow the wizard through the following folder selection tasks and installation of the core
connector software:
Introduction
Choose Install Folder
Choose Shortcut Folder
Pre-Installation Summary
Installing...
3 When the installation of SmartConnector core component software is finished, the following
window is displayed:
Parameter Setting
FIPS mode Select 'Enabled' to enable FIPS compliant mode. To enable FIPS Suite B Mode, see the
SmartConnector User Guide under "Modifying Connector Parameters" for instructions. Initially, this
value is set to 'Disabled'.
Remote Management Select 'Enabled' to enable remote management from ArcSight Management Center. When queried
by the remote management device, the values you specify here for enabling remote management
and the port number will be used. Initially, this value is set to 'Disabled'.
Remote Management The remote management device will listen to the port specified in this field. The default port
Listener Port number is 9001.
Preferred IP Version When both IPv4 and IPv6 IP addresses are available for the local host (the machine on which the
connector is installed), you can choose which version is preferred. Otherwise, you will see only one
selection. The initial setting is IPv4.
The following parameters should be configured only if you are using Micro Focus SecureData
solutions to provide encryption. See the Micro Focus SecureData Architecture Guide for more
information.
Parameter Setting
Format Preserving Data leaving the connector machine to a specified destination can be encrypted by selecting ‘Enabled’ to
Encryption encrypt the fields identified in ‘Event Fields to Encrypt' before forwarding events. If encryption is enabled,
it cannot be disabled. Changing any of the encryption parameters again will require a fresh installation of
the connector.
Format Preserving Enter the URL where the Micro Focus SecureData Server is installed.
Policy URL
Proxy Server (https) Enter the proxy host for https connection if any proxy is enabled for this machine.
Parameter Setting
Proxy Port Enter the proxy port for https connection if any proxy is enabled for this machine.
Format Preserving The Micro Focus SecureData client software allows client applications to protect and access data based
Identity on key names. This key name is referred to as the identity. Enter the user identity configured for Micro
Focus SecureData.
Format Preserving Enter the secret configured for Micro Focus SecureData to use for encryption.
Secret
Event Fields to Encrypt Recommended fields for encryption are listed; delete any fields you do not want encrypted and add any
string or numeric fields you want encrypted. Encrypting more fields can affect performance, with 20 fields
being the maximum recommended. Also, because encryption changes the value, rules or categorization
could also be affected. Once encryption is enabled, the list of event fields cannot be edited.
After making your selections, click Next. A summary screen is displayed. Review the summary of
your selections and click Next. Click Continue to return to proceed with "Add a Connector" window.
Continue the installation procedure with "Select Connector and Add Parameter Information."
3 Enter the required SmartConnector parameters to configure the SmartConnector, then click
Next.
Parameter Description
Apache Error Log File Name The absolute path to the location of the log files (such as the default
/var/log/apache/error.log).
Prior to installing the Apache HTTP SmartConnector, make sure the Apache HTTP Server is
configured to use Apache default log formats. The default formats must appear in Apache's
configuration file, /etc/apache/httpd.conf. Make sure these logs are not rotated by
Apache.
Select a Destination
1 The next window asks for the destination type; select a destination and click Next. For
information about the destinations listed, see the ArcSight SmartConnector User Guide.
2 Enter values for the destination. For the ArcSight Manager destination, the values you enter
for User and Password should be the same ArcSight user name and password you created
during the ArcSight Manager installation. Click Next.
3 Enter a name for the SmartConnector and provide other information identifying the
connector's use in your environment. Click Next. The connector starts the registration
process.
4 If you have selected ArcSight Manager as the destination, the certificate import window for
the ArcSight Manager is displayed. Select Import the certificate to the connector from
destination and click Next. (If you select Do not import the certificate to connector from
destination, the connector installation will end.) The certificate is imported and the Add
connector Summary window is displayed.
2 The wizard now prompts you to choose whether you want to run the SmartConnector as a
stand-alone process or as a service. If you choose to run the connector as a stand-alone
process, select Leave as a standalone application, click Next, and continue with step 5.
3 If you chose to run the connector as a service, with Install as a service selected, click Next. The
wizard prompts you to define service parameters. Enter values for Service Internal Name and
Service Display Name and select Yes or No for Start the service automatically. The Install
Service Summary window is displayed when you click Next.
For instructions about upgrading the connector or modifying parameters, see the SmartConnector
User Guide.
If the connector is installed in stand-alone mode, it must be started manually and is not
automatically active when a host is restarted. If installed as a service or daemon, the connector
runs automatically when the host is restarted. For information about connectors running as
services or daemons, see the ArcSight SmartConnector User Guide.
To run all SmartConnectors installed in stand-alone mode on a particular host, open a command
window, go to $ARCSIGHT_HOME\current\bin and run: arcsight connectors